@jacobtolar
Created February 1, 2017 23:50
507,513d506
<
< // cert auth
< case 'ssh-rsa-cert-v01@openssh.com':
< case 'ssh-dss-cert-v01@openssh.com':
< case 'ecdsa-sha2-nistp256-cert-v01@openssh.com':
< case 'ecdsa-sha2-nistp384-cert-v01@openssh.com':
< case 'ecdsa-sha2-nistp521-cert-v01@openssh.com':
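Review bot: The `// cert auth` comment on the `<` side (which appears to be the cert-enabled version) does not say what matching these five names implies, and the `case` labels fall through to a body that lies outside this hunk. If that body only classifies the key type, a comment such as `// cert auth: only the type name is matched here; the certificate itself is not validated` would stop a reader from assuming that the CA signature, validity window or principals were checked at this point. Whether any such validation happens elsewhere cannot be told from this diff.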
535c528
< if (!pubKeyFullType.startsWith(sigFullType)) {
---
> if (sigFullType !== pubKeyFullType) {
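Review bot: The prefix test on the `<` side (which appears to be the cert-enabled version) accepts any signature algorithm name that is a prefix of the key type, including an empty string or `ssh-`, where the `>` side required an exact match. If `sigFullType` is parsed from the peer's packet, as its name suggests, the check no longer pins the signature algorithm to the key. Strip the certificate suffix and compare exactly instead: `var baseType = pubKeyFullType.replace(/-cert-v01@openssh\.com$/, '');` followed by `if (sigFullType !== baseType) {`. The enclosing function starts and ends outside this hunk.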
1612,1613c1612,1613
< cbSign(buf, function(signature) {
< if (pubKeyFullType.startsWith('ssh-dss')) {
---
> cbSign(buf, function(signature) {
> if (pubKeyFullType === 'ssh-dss') {
1615c1615,1616
< } else if (!pubKeyFullType.startsWith('ssh-rsa')) {
---
> } else if (pubKeyFullType !== 'ssh-rsa') {
> // ECDSA
1619,1638d1619
< // I *think*... (works for me)
< //
< // https://www.ietf.org/rfc/rfc4252.txt
< // http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD
< //
< // "The valid key types for CA keys are ssh-rsa, ssh-dss and the ECDSA types
< // ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521."
<
< var certAlgo;
< if (pubKeyFullType.startsWith('ssh-rsa')) {
< certAlgo = 'ssh-rsa';
< } else if (pubKeyFullType.startsWith('ssh-dss')) {
< certAlgo = 'ssh-dss';
< } else {
< // Not sure about this one
< certAlgo = pubKeyFullType;
< }
<
< var certAlgoLen = certAlgo.length;
<
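Review bot: The final `else` on the `<` side sends the full certificate type name as the signature algorithm for ECDSA keys, while the RSA and DSA branches send the plain name, and `// Not sure about this one` leaves that unresolved. The quoted PROTOCOL.certkeys sentence is about which key types a CA may use, so it does not settle the signature format name; OpenSSH, as far as I know, labels the signature with the plain key type for all three families, which should be confirmed against a server before relying on it. Deriving the name once, `var certAlgo = pubKeyFullType.replace(/-cert-v01@openssh\.com$/, '');`, treats all five certificate types the same way, and the `startsWith('ssh-dss')` / `startsWith('ssh-rsa')` tests at 1612 and 1615 could then compare `certAlgo` exactly. The enclosing function is outside the hunk.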
1648c1629
< + 4 + certAlgoLen
---
> + 4 + algoLen
1671,1677c1652,1655
<
< sigbuf.writeUInt32BE(4 + certAlgoLen + 4 + sigLen, p += pubKeyLen, true);
<
< sigbuf.writeUInt32BE(certAlgoLen, p += 4, true);
< sigbuf.write(certAlgo, p += 4, certAlgoLen, 'ascii');
<
< sigbuf.writeUInt32BE(sigLen, p += certAlgoLen, true);
---
> sigbuf.writeUInt32BE(4 + algoLen + 4 + sigLen, p += pubKeyLen, true);
> sigbuf.writeUInt32BE(algoLen, p += 4, true);
> sigbuf.write(pubKeyFullType, p += 4, algoLen, 'ascii');
> sigbuf.writeUInt32BE(sigLen, p += algoLen, true);
1686d1663
<